mirror of
https://github.com/MariaDB/server.git
synced 2026-01-06 05:22:24 +03:00
93991b6be9
in trigger Interchangeable calls to the mysql_change_user client function and invocations of a trigger changing some user variable caused a memory corruption and a crash. The mysql_change_user API call forces TDH::cleanup() on a server that frees user variable entries. However it didn't reset Item_func_set_user_var::entry to NULL because Item_func_set_user_var::cleanup() was not overloaded. So, Item_func_set_user_var::entry held a pointer to freed memory, that caused a crash. The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field. mysql-test/r/user_var.result: Added test case for bug #42188. mysql-test/t/user_var.test: Added test case for bug #42188. sql/item_func.cc: Bug#42188: crash and/or memory corruption with user variables in trigger The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field. sql/item_func.h: Bug#42188: crash and/or memory corruption with user variables in trigger The Item_func_set_user_var::cleanup method has been overloaded to cleanup the Item_func_set_user_var::entry field.
10 KiB
10 KiB